( START )



WEB BROWSER SENDS HTTP 
REQUEST TO WEB SERVER 



WEB SERVER RETURNS CERTIFICATE TO
WEB BROWSER, ESTABLISHES SECURE
SOCKETS LAYER ENCRYPTED
CONNECTION AND SENDS LOGIN FORM



601 



WEB BROWSER SUBMITS LOGIN DATA 
INCLUDING USER NAME AND PASSWORD OF A 
KERBEROS PRINCIPAL TO WEB SERVER 



WEB SERVER INITIATES COMMON 
GATEWAY INTERFACE (CGI) SERVICE 
INTERFACE PROCESS, PASSING LOGIN 
DATA OVER STANDARD INPUT 



604 



CGI SERVICE INTERFACE INITIATES 
KERBEROS INITIALIZATION CLIENT, 
PASSING LOGIN DATA AS INPUT 
PARAMETERS OVER STANDARD INPUT

KERBEROS INITIALIZATION CLIENT SENDS
REQUEST FOR TICKET-GRANTING TICKET
(TGT) TO KEY DISTRIBUTION CENTER (KDC)

TO FIGURE 5B



FIGURE 5A 



FROM FIGURE 5A 



KDC EXTRACTS USER KEY FOR KERBEROS
PRINCIPAL FROM KERBEROS DATABASE

KDC SENDS TGT, ALONG WITH KDC SESSION
KEY ENCRYPTED WITH THE USER KEY, BACK
TO KERBEROS INITIALIZATION CLIENT

KERBEROS INITIALIZATION CLIENT USES
PASSWORD TO GENERATE USER KEY,
DECRYPTS KDC SESSION KEY WITH USER KEY,
STORES TGT AND KDC SESSION KEY IN
CREDENTIALS CACHE, THEN EXITS

CGI SERVICE INTERFACE ASCII- AND
URL-ENCODES INFORMATION IN
CREDENTIALS CACHE

CGI SERVICE INTERFACE SENDS ENCODED
CREDENTIALS CACHE INFORMATION AND
COMMAND FORM TO WEB SERVER, DESTROYS
CREDENTIALS CACHE, THEN EXITS



WEB SERVER SENDS ENCODED 
CREDENTIALS CACHE INFORMATION 
AND COMMAND FORM TO WEB BROWSER 



( END ) 



FIGURE 5B

( START )

WEB BROWSER SUBMITS COMMAND DATA
AND ENCODED CREDENTIALS CACHE
DATA TO WEB SERVER



WEB SERVER INITIATES COMMON
GATEWAY INTERFACE (CGI) SERVICE
INTERFACE PROCESS, PASSING
ENCODED CREDENTIALS CACHE DATA
AND COMMAND DATA



CGI SERVICE INTERFACE DECODES ENCODED
CREDENTIALS CACHE DATA AND INITIATES
PARALLEL EXECUTION UTILITY

PARALLEL EXECUTION UTILITY EXECUTES
AT LEAST ONE SECURE REMOTE
EXECUTION CLIENT

SECURE REMOTE EXECUTION CLIENT
EXTRACTS TGT AND KDC SESSION KEY
FROM CREDENTIALS CACHE

SECURE REMOTE EXECUTION CLIENT SENDS
TGT AND AUTHENTICATOR #1 TO KDC

TO FIGURE 7B



FIGURE 7A 



FROM FIGURE 7A 



KDC DECRYPTS TGT AND SENDS
AUTHENTICATOR #2 TO SECURE
REMOTE EXECUTION CLIENT

SECURE REMOTE EXECUTION CLIENT SENDS
REQUEST FOR SERVER TICKET (ST) FOR
MANAGED HOST TO KDC

KDC CREATES A SERVER SESSION KEY
AND EXTRACTS THE KERBEROS SERVER
KEY FOR THE MANAGED HOST

KDC SENDS ST FOR MANAGED HOST,
ALONG WITH SERVER SESSION KEY
ENCRYPTED WITH THE KDC SESSION KEY,
BACK TO SECURE REMOTE EXECUTION
CLIENT, WHICH DECRYPTS SERVER SESSION
KEY WITH KDC SESSION KEY

SECURE REMOTE EXECUTION CLIENT SENDS
CONNECTION REQUEST TO INTERNET
SUPER-DAEMON ON MANAGED HOST

INTERNET SUPER-DAEMON INITIATES
SECURE REMOTE EXECUTION DAEMON

TO FIGURE 7C



FIGURE 7B 



FROM FIGURE 7B 



SECURE REMOTE EXECUTION CLIENT SENDS 
ST FOR MANAGED HOST AND AUTHENTICATOR 
#3 TO SECURE REMOTE EXECUTION DAEMON 



SECURE REMOTE EXECUTION DAEMON 
EXTRACTS SERVER KEY FOR MANAGED HOST 
FROM KEY TABLE, DECRYPTS ST, AND SENDS 
AUTHENTICATOR #4 TO SECURE REMOTE 
EXECUTION CLIENT, ESTABLISHING 
ENCRYPTION CONNECTION 



SECURE REMOTE EXECUTION CLIENT SENDS
COMMAND DATA TO SECURE REMOTE
EXECUTION DAEMON

SECURE REMOTE EXECUTION DAEMON
EXTRACTS ACCESS CONTROL LISTS (ACLs)
FROM ACL FILE AND VERIFIES THAT
KERBEROS PRINCIPAL IS AUTHORIZED TO
EXECUTE COMMAND AS THE SPECIFIED USER
ON MANAGED HOST

SECURE REMOTE EXECUTION DAEMON SENDS
AUDIT TRAIL DATA TO SYSTEM LOGGING
DAEMON ON MANAGED HOST

SYSTEM LOGGING DAEMON ON MANAGED
HOST SENDS AUDIT TRAIL DATA TO SYSTEM
LOGGING DAEMON ON SERVER

TO FIGURE 7D



FIGURE 7C 



FROM FIGURE 7C 



SYSTEM LOGGING DAEMON ON SERVER
RECORDS AUDIT TRAIL DATA IN LOG FILE

SECURE REMOTE EXECUTION DAEMON
INITIATES SERVICE PROCESS TO
EXECUTE COMMAND, PASSING COMMAND
DATA AS INPUT PARAMETERS

SERVICE PROCESS RETURNS OUTPUT
TO SECURE REMOTE EXECUTION
DAEMON, THEN EXITS

SECURE REMOTE EXECUTION DAEMON
SENDS OUTPUT TO SECURE REMOTE
EXECUTION CLIENT, THEN EXITS

TO FIGURE 7E



FIGURE 7D 



FROM FIGURE 7D 



SECURE REMOTE EXECUTION CLIENT 
SENDS OUTPUT TO PARALLEL 
EXECUTION UTILITY, THEN EXITS 



PARALLEL EXECUTION UTILITY PASSES 
OUTPUT TO CGI SERVICE INTERFACE 



CGI SERVICE INTERFACE SENDS OUTPUT
TO WEB SERVER, DESTROYS INFORMATION IN
CREDENTIALS CACHE, THEN EXITS

WEB SERVER SENDS OUTPUT
TO WEB BROWSER

( END )

FIGURE 7E

DETERMINE HOW MANY SRE CLIENTS
MAY BE RUN SIMULTANEOUSLY

SCHEDULE NEXT ALARM EVENT TO OCCUR IN T1 SECONDS



1606 



CREATE SRE CLIENT(S) AND GENERATE CLIENT LIST



1608 



ANY SRE CLIENT(S) RUNNING?

NO

EXIT

FIGURE 8

FIGURE 9A



SCHEDULE
NEXT ALARM
EVENT

EXIT

FIGURE 9B

TERMINATE
SRE CLIENT

FIGURE 9C

SET NEXT
ALARM EVENT
NO LATER THAN
T1 SECONDS
FROM START
TIME OF THIS
SRE CLIENT

TERMINATE
SRE CLIENT



FIGURE 9D 



FIGURE 9E 



